Solaris Management Console Tools

The Solaris Management Console provides access to toolboxes of GUI-based administration tools.
These tools enable you to edit items in various configuration databases. In Trusted Extensions,
the Solaris Management Console is the administrative interface for users, roles, and the trusted
network databases.

Trusted Extensions adds the Security Templates tool and the Trusted
Network Zones tool to the Computers and Networks tool set.

Solaris Management Console tools are collected into toolboxes according
to scope and security policy. Trusted Extensions provides toolboxes whose Policy=TSOL
for administering Trusted Extensions. You can access tools according
to scope, that is, according to naming service. The available scopes are local
host and LDAP.

The Solaris Management Console is shown in the following figure. A Scope=Files Trusted Extensions toolbox
is loaded, and the Users tool set is open.

Trusted Extensions Tools in the Solaris Management Console

User Accounts tool – Is
the administrative interface to change a user's label, to change a user's view
of labels, and to control account usage.

Administrative Roles tool – Is
the administrative interface to change a role's label range and screen-locking
behavior when idle.

Trusted Extensions adds two tools to the Computers and Networks tool
set:

Security Templates tool – Is
the administrative interface for managing the label aspects of hosts and networks.
This tool modifies the tnrhtp and tnrhdb databases,
enforces syntactic accuracy, and updates the kernel with the changes.

Trusted Network Zones tool – Is
the administrative interface for managing the label aspects of zones. This
tool modifies the tnzonecfg database, enforces syntactic
accuracy, and updates the kernel with the changes.

Figure 8–2 Computers and Networks Tool Set in the Solaris Management Console

Security Templates Tool

A security template describes a set of security
attributes that can be assigned to a group of hosts. The Security Templates
tool enables you to conveniently assign a specific combination of security
attributes to a group of hosts. These attributes control how data is packaged,
transmitted, and interpreted. Hosts that are assigned to a template have identical
security settings.

The hosts are defined in the Computers tool. The security attributes
of the hosts are assigned in the Security Templates tool. The Modify Template
dialog box contains two tabs:

General tab – Describes
the template. Includes its name, host type, default label, domain of interpretation
(DOI), accreditation range, and set of discrete sensitivity labels.

Hosts Assigned to Template tab – Lists
all the hosts on the network that you have assigned to this template.

Trusted Network Zones Tool

The Trusted Network Zones tool identifies the zones on your system.
Initially, the global zone is listed. When you add zones and their labels,
the zone names display in the pane. Zone creation usually occurs during system
configuration. Label assignment, multilevel port configuration, and label
policy are configured in this tool. For details, see Chapter 16, Managing Zones in Trusted Extensions (Tasks).

Client-Server Communication With the Solaris Management Console

Typically, a Solaris Management Console client administers systems remotely.
On a network that uses LDAP as a naming service, a Solaris Management Console client connects to
the Solaris Management Console server that runs on the LDAP server. The following figure shows
this configuration.